The page may not load correctly.
Dr.Web Enterprise Security Suite
for all corporate network hosts
a subscription basis
Internet-based information security services
Dr.Web Security Space
for Windows, macOS, Linux
protection for Android devices—free
Description | Renew | Upgrade | Trial
Trial for home
Trial for businesses
Trial for mobiles
Trial for business
For IT professionals and students
My Dr.Web PortalFor home For business
The Doctor Web virus-monitoring service collects samples of malicious files all over the Internet.
In just one day the Doctor Web virus laboratory receives up to a million and more potentially malicious samples.
We have been studying malware since 1992—few players in the market have accumulated so much experience.
Some of the files received aren't malware. And, of course, some samples are duplicates. However, they must all be processed by our security researchers. It’s not feasible to process millions of samples per month manually. That's why Doctor Web specialists created a "robot-analyst" — it parses received samples and creates signatures for those considered malicious or potentially dangerous. Automation frees virus analysts up so that they can spend their time examining only complex samples of malicious programs that cannot be processed automatically. That’s one reason why our company is able to keep the system-curing quality of our Dr.Web products at the very highest level in the information security industry.
Just a single entry allows hundreds or even thousands of similar malicious files to be detected — including those that may be created by cybercriminals in the future.
Doctor Web regularly purges these databases of duplicate entries without impacting the quality of detection. An anti-virus should not slow a system down!
The Dr.Web virus databases possess a unique feature—an algorithm for searching for signatures in the virus databases, as well as in the firewall’s and behaviour analyser’s rules databases, which means the search time does not increase if the number of database entries increases.
Intelligent updating of definitions for related viruses can automatically result in new malware definitions being added to the virus database, which reduces the time needed to respond to a malicious attack.
With Dr.Web virus databases kept small, a constant increase in system requirements is not needed. Updates remain small, while the quality of detection and curing remains at the same traditionally high level.
Every day, the Doctor Web virus laboratory receives up to a million potentially malicious samples.
Some of the files we receive aren't malware. However, they must all be processed by our security researchers. The huge flow of malicious programs received by Doctor Web's virus laboratory for analysis allow us to break down the data into specific sections and identify which sections are exhibiting malicious behaviour.
Starting with version 11.5, Dr.Web solutions use detection rules based on machine-learning algorithms — SpIDer ML Anti-Script technologies.
Note that pure signature-based anti-viruses — i.e., those that detect malware only according to the definitions in their virus databases — died out in the 1990s, when ever-changing polymorphic viruses that could not be detected by their signatures appeared (by the way, this led to the emergence of the Dr.Web anti-virus).
If anti-viruses today were able to recognise new viruses only according to the entries in their virus databases, these databases would be so large that no computer’s memory could accommodate them, scanning would take ages, and PC performance would be severely handicapped.
Non-signature technologies and Preventive protection technologies help Dr.Web protect against threats not yet known to its virus database.